SRX

Hi, guys,

I am tasked to build an edge service pop for our business, I am struggling to decide which platform to use, Cisco ASR 1K or Juniper data center SRX (SRX-5400 or lower model), here are essential requirements:

1. Full routing protocol support (BGP primarily)

2. 10+ Gbps zone based stateful firewalling throughput

3. up to 10Gbps IPsec (AES256 encryption) throughput

4. Flexible NAT configuration (static NAT, PAT, double NAT etc with policies)

5. At least 2x10GE interfaces

6. Hardware redundancy,  which means I may need two boxes -- ideally I want a single control plane, proprietary clustering is acceptable

7. most importantly, automation, which means to us for now is NETCONF, device configuration will be dynamically changing by Ansible during normal operation

Juniper SRX-5400 clustering totally meets my requirements, I think ASR 1K can also meet those requirements too but I am not sure about clustering part, the only problem with SRX-5400 clustering? COST. 

Would ASR-1000 series have much lower pricing tag compared to SRX-5400 with similar configuration?

Hi,

I would expect ASR1000 with the mentioned requirements to be lower priced than a SRX5400.

May I suggest for you to look at the newly released SRX4200 platform which should cover all of your requirements, except that IPsec VPN performance is listed as 9,6 Gbps, where you require 10 Gbps.

This platform is way better priced for your use case.

On the positive side you are also left only utilizing 1 RU instead of 5 RU and way lower power usage.

Thank you so much, looks like SRX-4000 has even lower specs than SRX-3400/SRX-3600 (SRX-5400 is an overkill for us, but we got a bundled pricing from a VAR so it is not significantly more expensive than SRX-3600), I will talk to the VAR, SRX-4000 may be a perfect fit if it is cheaper than SRX-3400/SRX-3600.

You can also "Request a Quote" and get the expert advice,

https://www.juniper.net/uk/en/how-to-buy/request-a-quote.page